CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4526
https://notcve.org/view.php?id=CVE-2020-4526
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que confía el sitio web. IBM X-Force ID: 182436 • https://exchange.xforce.ibmcloud.com/vulnerabilities/182436 https://www.ibm.com/support/pages/node/6332589 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2020-4521
https://notcve.org/view.php?id=CVE-2020-4521
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, podría permitir a un atacante autenticado remoto ejecutar código arbitrario en el sistema, causado por una deserialización no segura en Java. Al enviar una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182396 https://www.ibm.com/support/pages/node/6332587 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4671
https://notcve.org/view.php?id=CVE-2019-4671
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, que podrían permitir al atacante visualizar, agregar, modificar o eliminar información en la base de datos del back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171437 https://www.ibm.com/support/pages/node/6332583 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.2EPSS: 81%CPEs: 2EXPL: 1CVE-2020-4463
https://notcve.org/view.php?id=CVE-2020-4463
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484. IBM Maximo Asset Management versiones 7.6.0.1 y 7.6.0.2, es vulnerable a un ataque de Inyección de XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://github.com/Ibonok/CVE-2020-4463 https://exchange.xforce.ibmcloud.com/vulnerabilities/181484 https://www.ibm.com/support/pages/node/6253953 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4591
https://notcve.org/view.php?id=CVE-2019-4591
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, no invalida la sesión después del cierre de sesión, lo que podría permitir a un usuario local hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 167451 • https://exchange.xforce.ibmcloud.com/vulnerabilities/167451 https://www.ibm.com/support/pages/node/6245696 • CWE-384: Session Fixation •